Code of Federal Regulations (CFR) Title 21, under the jurisdiction of the Food and Drug Administration, applies to organizations with products and services that deal in FDA-regulated aspects of life science products.
CFR Title 21 Part 11 sets requirements to ensure that electronic records and signatures are trustworthy, reliable, and equivalent substitutes for paper records and handwritten signatures. To improve the security of computer systems in FDA-regulated industries, it also offers these guidelines:
- Routines and controls that support electronic records and signatures, e.g. backup, security, and validation.
- Features that ensure that the document system is secure, contains audit trails for data values, and ensures the integrity of electronic signatures.
- Documentation that supply evidence that the system does what is intended, and that users can detect when the system is not working as designed.
Microsoft and FDA CFR Title 21
Microsoft’s cloud services undergo regular independent third-party SOC 1 Type 2 and SOC 2 Type 2 audits and are certified according to ISO/IEC 27001 and ISO/IEC 27018 standards.
Although these audits and certifications do not specifically FDA regulatory compliance, their purpose and objectives are similar in nature to those of CFR Title 21 Part 11, and serve to help ensure the confidentiality, integrity, and availability of data stored in Microsoft cloud services. Customers can request access to the compliance reports, through their Microsoft account representative, or through the Service Trust Portal.
Read this page for further information: Food and Drug Administration CFR Title 21 Part 11 – Microsoft Compliance.
MetaShare and FDA CFR Title 21
To be compliant with CFR Title 21 Part 11, you need to set in place policies and routines to assess that the users are granted adequate permissions, that key user activities are monitored and that audits can be performed. SharePoint/Microsoft 365 has a vast amount of built in features for this, e.g. Data Loss Prevention (DLP) and Microsoft Information Protection (MIP).
By complementing Microsoft 365 with 3rd party solutions, such as MetaShare, for increased findability and user friendliness, you increase the compliance to the FDA CFR Title 21 requirements. Documents that are accessed through MetaShare are always securely stored in Microsoft SharePoint, ensuring the documents’ confidentiality, integrity, and availability.